<?php 
/* 
 * This file is part of TCDB. 
 * 
 * Copyright (C) 2000-2009 
 * Technology Consultant Corps 
 * Grinnell College 
 * Grinnell, IA, 50112 
 * tc@grinnell.edu 
 * 
 * TCDB is free software; you can redistribute it and/or modify 
 * it under the terms of the GNU General Public License as published by 
 * the Free Software Foundation; either version 3 of the License, or 
 * (at your option) any later version. 
 * 
 * TCDB is distributed in the hope that it will be useful, 
 * but WITHOUT ANY WARRANTY; without even the implied warranty of 
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 
 * GNU General Public License for more details. 
 * 
 * You should have received a copy of the GNU General Public License 
 * along with TCDB. If not, see <http://www.gnu.org/licenses/>. 
 * 
 
 ============================================================================= 
 
 * user_info.php -- Looks up information on the given user (identified by
 *		    user_id in the $_GET superglobal) and displays it.
 *
 *		    This page does not allow anyone (including an admin) to
 *		    change user information. edit_users.php allows admins to
 *		    change that info.
 * 
 * Author: Dylan J. Sather
 * Created: 2009-06-04 
 * Last edited: 2009-07-29
 *
 * Thanks to Andrew Kensler for his work on user_info.php since September 2000
 */ 
 
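$page_title = "user_info.php";

require('init.php');
require('require_login.php');
include('header.php');

// Every value printed below comes either from the query string or from the
// database, so it is encoded for the HTML context it lands in before output.
// ENT_QUOTES matters because the attributes on this page are single-quoted.
// NOTE(review): UTF-8 is assumed for the page encoding -- confirm against header.php.
$html_escape = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Encode a value as a URL query-string component, then as HTML attribute text.
$url_escape = function ($value) use ($html_escape) {
    return $html_escape(urlencode((string) $value));
};

echo "	<div class='content_box'> <!-- CONTENT div -->\n";

// user_id must be present and a plain string; PHP turns ?user_id[]=x into an
// array, which is not a usable ID and must not reach the SQL escaping call.
if (!isset($_GET['user_id']) || !is_string($_GET['user_id'])) {
    echo "  <h2>Cannot display information -- no user ID specified</h2>\n";
}

// Otherwise, we have a user_id and we can move on
else {

    $user_id = $_GET['user_id'];

    // Escaped once for use inside quoted SQL string literals only.
    // NOTE(review): this is safe only while the value stays inside '...' and
    // the connection charset was set through the mysqli API -- init.php is not
    // visible here, confirm. Prepared statements would remove that dependency.
    $user_id_sql = mysqli_real_escape_string($mysqli, $user_id);

    // Encoded once for use inside href/src attributes further down.
    $user_id_url = $url_escape($user_id);

    // Get and display basic information
    $query = sprintf("SELECT username,
			     first_name, last_name,
			     email, campus_phone,
			     cell_phone, box_num,
			     rank_id, ranks.name,
			     DATE_FORMAT(last_login, '%%H:%%i %%a, %%b %%e'),
			     class, semesters, last_updated,
			     major, concentration,
			     DATE_FORMAT(hire_date, '%%a, %%b %%e %%Y')
		      FROM users, ranks
		      WHERE users.id = '%s'
		      AND users.rank_id = ranks.id",
		  $user_id_sql);

    $result = $mysqli->query($query, MYSQLI_STORE_RESULT);

    // query() returns false on failure; treat that like "no such user"
    // instead of dereferencing false.
    $display_content = ($result !== false && $result->num_rows != 0);

    // Defaults so the later sections still render when no row was found.
    $username = $first_name = $last_name = $email = $campus_phone = null;
    $cell_phone = $box_num = $rank_id = $rank = $last_login = null;
    $class = $semesters = $last_updated = $major = $concentration = $hire_date = null;

    if ($result !== false) {
        $row = $result->fetch_row();
        if ($row) {
            list($username, $first_name, $last_name, $email, $campus_phone, $cell_phone, $box_num, $rank_id,
                 $rank, $last_login, $class, $semesters, $last_updated, $major, $concentration, $hire_date) = $row;
        }
        $result->free();
    }

    $full_name_html = $html_escape("$first_name $last_name");

    // Start printing content
    if ($display_content)
        echo "	  <h2 class='underline'>User Info for $full_name_html</h2>\n";
    else
        echo "	  <h2 class='underline'>Couldn't display User Info</h2>\n";

    echo "    <div class='left_content'> <!-- LEFT CONTENT div -->\n";

    if ($display_content) {
        echo "
	  <h3 class='underline'>Basic Info</h3>
	  <p><span class='bold'>Username</span>: <a href='http://db.grinnell.edu/campusdir/default.asp?transmit=true&amp;email=" . $url_escape($username) . "'>" . $html_escape($username) . "</a></p>
	  <p><span class='bold'>E-mail</span>: " . $html_escape($email) . "</p>
	  <p><span class='bold'>Campus Phone</span>: " . $html_escape($campus_phone) . "</p>";

        if ($cell_phone) {
            echo "
	  <p><span class='bold'>Cell Phone</span>: " . $html_escape($cell_phone) . "</p>";
        }

        echo "
	  <p><span class='bold'>Box Number</span>: " . $html_escape($box_num) . "</p>
	  <p><span class='bold'>Rank</span>: " . $html_escape($rank) . "</p>
	  <p><span class='bold'>Last Login</span>: " . $html_escape($last_login) . "</p>
	  <p><span class='bold'>Class</span>: " . $html_escape($class) . "</p>
	  <p><span class='bold'>Semesters</span>: " . $html_escape($semesters) . "</p>
	  <p><span class='bold'>Major</span>: " . $html_escape($major) . "</p>";

        if ($concentration) {
            echo "
	  <p><span class='bold'>Concentration</span>: " . $html_escape($concentration) . "</p>";
        }

        echo "
	  <p><span class='bold'>Hire date</span>: " . $html_escape($hire_date) . "</p>";
    }
    else {
        echo "	      <p class='bold'>Couldn't display Basic Info; please contact a TCC</p>\n";
    }

    // Now get certification info
    $query = sprintf("SELECT name, DATE_FORMAT(date, '%%a, %%b %%e, %%Y')
		      FROM certifications, labs
		      WHERE user_id = '%s'
		      AND lab_id = id",
		  $user_id_sql);

    $result = $mysqli->query($query, MYSQLI_STORE_RESULT);

    if ($result !== false && $result->num_rows != 0) {
        echo "<h3 class='underline'>Certifications</h3>\n";

        while ($row = $result->fetch_row()) {
            list($lab_name, $cert_date) = $row;
            echo "<p><span class='bold'>" . $html_escape($lab_name) . "</span>: " . $html_escape($cert_date) . "</p>\n";
        }
    }
    else {
        echo "<p class='bold'>" . $html_escape($first_name) . " isn't certified for any special labs</p>\n";
    }

    if ($result !== false) {
        $result->free();
    }

    // If this is an admin viewing the page, let her edit info about this user.
    // !empty() keeps the truthiness test but tolerates a session without the key.
    if (!empty($_SESSION['is_admin'])) {
        // The ID is request-supplied, so only the URL- and HTML-encoded copy
        // is written into the href attributes.
        echo "<h3 class='underline'>Edit User Info</h3>
	<a href='timesheet.php?user_id=" . $user_id_url . "'>Timesheet</a><br />
	<a href='edit_users.php?user_id=" . $user_id_url . "'>Directory Info</a>\n";
    }

    echo "</div> <!-- End LEFT CONTENT div -->
    <div class='right_content'> <!-- RIGHT CONTENT div -->
      <h3 class='underline'>Current Picture</h3>\n";

    // Check whether an image row exists for this user
    $query = sprintf("SELECT user_id
		      FROM images
		      WHERE user_id='%s'",
		  $user_id_sql);

    $result = $mysqli->query($query, MYSQLI_STORE_RESULT);

    // If we get a result, show image; otherwise, display an error
    if ($result !== false && $result->num_rows != 0) {
        echo "<img src='display_image.php?id=" . $user_id_url . "&amp;buffer=0' alt='Image of " . $html_escape($username) . "' class='no_border' />\n";
    }
    else {
        echo "<h3>IMAGE UNAVAILABLE</h3>\n";
    }

    if ($result !== false) {
        $result->free();
    }

    echo "      <p id='last_updated_footer'>Info Last Updated: " . $html_escape($last_updated) . "</p>";

    // Display existing comments, if any (admins only)
    if (!empty($_SESSION['is_admin'])) {

        echo "<h3 class='underline'>Comments on $full_name_html</h3>\n";

        // Pull existing comments, if any, from the DB
        $query = sprintf("SELECT comment, date, submitted_by
			  FROM user_comments
			  WHERE user_id = '%s'
			  ORDER BY date",
		      $user_id_sql);

        $result = $mysqli->query($query, MYSQLI_STORE_RESULT);

        // If we have any comments, display them. Comment text is stored
        // free-form input rendered in an admin's session, so it is encoded
        // like every other field.
        // NOTE(review): if comments were meant to carry markup, that needs an
        // allow-list sanitizer rather than raw output -- confirm intent.
        if ($result !== false && $result->num_rows != 0) {
            while ($row = $result->fetch_row()) {
                list($comment, $comment_date, $submitted_by) = $row;
                echo "<h4>Submitted on " . $html_escape($comment_date) . " by " . $html_escape($submitted_by) . "</h4>
		<p>" . $html_escape($comment) . "</p>\n";
            }
        }
        else
            echo "<h4>There are no comments for $full_name_html</h4>\n";

        if ($result !== false) {
            $result->free();
        }
    }


    echo "</div> <!-- End RIGHT CONTENT div -->\n";

    // DYLAN, REMEMBER TO INCLUDE SHIFT INFO HERE LATER

}

echo "</div> <!-- End CONTENT div -->\n";

include('footer.php');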

?> 
